Re: But there is Fossil...

2020-01-06 Thread Sean Kamath



> On Jan 6, 2020, at 16:18, Constantine A. Murenin  wrote:
> 
> GitHub is so successful because it is non-trivial to get Git working.

I found gitea trivial to install.

Having said that, I use whatever repo projects provide.  I’m not here to say 
VCS “A” is better than VCS “B”, just saying installing various VCS’s under 
OpenBSD is pretty damn simple.

Sean



Re: dhcpd and unbound on a small LAN

2020-01-06 Thread Sean Kamath


> On Jan 6, 2020, at 04:24, Anders Andersson  wrote:
> Right now I'm considering something that monitors dhcpd.leases for
> changes and updates a running unbound using unbound-control(8) but I
> don't feel confident enough writing such a tool that does not miss a
> lot of corner cases and handle startup/shutdown gracefully. I'm also
> thinking that it can't be such an unusual use case, so someone surely
> must have written such a tool already. I just haven't found any in my
> search.
> 
> Or am I doing this the wrong way? I've now read about things like mDNS
> and Zeroconf and Avahi and I'm just getting more and more confused.
> Ideas are welcome!

So, on my little home network, I do the following (well, it’s in progress, but 
I used to do the same thing with Bind):

1) run unbound for name resolution for all devices (after the recent discussion 
about turning your network inside out, I’m debating turning on PF to redirect 
all DNS queries to my unbound server).

2) I run nsd to provide name services for my domains.  So, I use 
“int.domain.name” for all local addresses.  I just point unbound at nsd 
(running on a different port) for those domains.

3) I use static assignment of IPv4 address to *most* of my devices (this is the 
part in progress). This is what everyone’s talking about using:

host alice {
   hardware ethernet 00:19:b9:e0:2f:de;
   fixed-address 192.168.0.68;
}

Of course, I could use dynamic DNS updates for all devices, but I find that as 
the “owner” of basically everything, it’s easier to have fixed addresses 
instead.  The problem is for every device I need some sort of DB for every 
device that includes the ETHERNET address as well as the IP address (because 
devices get replaced, etc., but I want to keep the name and the IP, but change 
the ethernet).  From that, I can generate both the dhcpd.conf file *and* the 
nsd PTR and A records.  That’s the bit I’m working on now.

The upshot is that unbound redirects certain domains to nsd, NSD controls all 
the domains (both my internal ones and some external ones) and DHCPD points all 
the clients to unbound for name resolution.

I have a small range for non-known devices — I don’t mind friends coming over 
and using my wireless.  Soon I hope to put THOSE devices on another vlan and 
give them rate-limited access.  But I haven’t finished the whole “create 
everything from one DB” yet, so. . . WIP.

Yes, I could just have unbound return addresses for the local network, but 
what’s the fun in that? :-)

Sean
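The one-inventory approach Sean describes above (a single record per device from which both the dhcpd.conf host blocks and the name-service records are generated), as an added example that is not code from his post or from OpenBSD. It emits unbound local-data/local-data-ptr records rather than nsd zone records, and it also checks that no fixed address falls inside the dynamic range (the overlap Paul de Weerd warns about later in the thread); the inventory, the domain and the range values are constructed.

```python
"""Generate dhcpd.conf host blocks and unbound local-data records from one
inventory of (hostname, MAC, IPv4), and sanity-check the inventory first."""
import ipaddress
import re

# Constructed sample inventory; the MACs and addresses are made up.
INVENTORY = [
    ("alice", "00:19:b9:e0:2f:de", "192.168.0.68"),
    ("bob", "20:9e:02:f5:93:60", "192.168.0.69"),
]
DOMAIN = "int.domain.name"                          # assumed local domain
DYNAMIC_RANGE = ("192.168.0.200", "192.168.0.220")  # assumed guest range

MAC_RE = re.compile(r"^([0-9a-f]{2}:){5}[0-9a-f]{2}$")


def validate(inventory, dynamic_range):
    """Return a list of problems: malformed MACs, duplicate names/MACs/IPs,
    and fixed addresses inside the dynamic range (such an address can be
    leased to another client before its owner boots)."""
    problems = []
    lo, hi = (ipaddress.IPv4Address(a) for a in dynamic_range)
    seen = {"name": set(), "MAC": set(), "IP": set()}
    for name, mac, ip in inventory:
        mac = mac.lower()
        if not MAC_RE.match(mac):
            problems.append(f"{name}: malformed MAC {mac}")
        if lo <= ipaddress.IPv4Address(ip) <= hi:
            problems.append(f"{name}: fixed-address {ip} inside dynamic range")
        for label, value in (("name", name), ("MAC", mac), ("IP", ip)):
            if value in seen[label]:
                problems.append(f"{name}: duplicate {label} {value}")
            seen[label].add(value)
    return problems


def dhcpd_hosts(inventory):
    """Render one 'host' block per device for /etc/dhcpd.conf."""
    lines = []
    for name, mac, ip in inventory:
        lines += [f"host {name} {{",
                  f"    hardware ethernet {mac.lower()};",
                  f"    fixed-address {ip};",
                  "}"]
    return "\n".join(lines) + "\n"


def unbound_local_data(inventory, domain):
    """Render a static local zone with matching A and PTR records for
    unbound.conf, so forward and reverse data come from the same source."""
    lines = [f'local-zone: "{domain}." static']
    for name, _mac, ip in inventory:
        fqdn = f"{name}.{domain}."
        lines += [f'local-data: "{fqdn} IN A {ip}"',
                  f'local-data-ptr: "{ip} {fqdn}"']
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    for problem in validate(INVENTORY, DYNAMIC_RANGE):
        print("WARNING:", problem)
    print(dhcpd_hosts(INVENTORY))
    print(unbound_local_data(INVENTORY, DOMAIN))
```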


Re: Readv and writev failing across ethernet

2020-01-06 Thread Raymond, David
Well, I figured out how to suppress the readv/writev problems in
openmpi -- run it under ktrace!  I gave up after the ktrace file
reached 46 GB.

This suggests that the "not permitted" failure on writev is a timing
problem that appears sporadically.  From what I have read about
openmpi, a new socket pair is opened for every high level write.  If
the write tries to transmit before the read socket is established,
then the write will fail with this message.  So, if some rare event
delays the establishment of the read socket, the write fails.  This
only happens in my case in going from one machine to another, not
between processes on the same machine, which kind of makes sense.  I
have tried three different ethernet cards (realtek, broadcom, and
intel) and all do the same thing.  The problem maybe isn't even in the
ethernet but somewhere higher in the stack, as suggested by Philip
Guenther.

I am currently writing a tiny openmpi replacement in Go for the small
part of mpi that I actually use.  I should be able to explore this
issue further and maybe even make my model work.

Dave Raymond

On 12/24/19, Philip Guenther  wrote:
> On Tue, Dec 24, 2019 at 8:14 PM Raymond, David 
> wrote:
>
>> Openmpi uses readv/writev.  I am beginning to think that the timeout
>> and permission errors are legit and reflect real conditions.  What
>
> does re do when it receives a write request when it is busy?
>>
>
> 're' does not expose a device, but rather provides network interfaces that
> are then used with sockets.  What sort of sockets does openmpi use?  What
> sort of packet loss is generated on this network and what protocols does
> openmpi use to recover from that?
>
> (Lacking both dmesg or kdump, I'll probably have nothing further to
> contribute to this thread)
>
> Philip Guenther
>


-- 
David J. Raymond
david.raym...@nmt.edu
http://physics.nmt.edu/~raymond



Re: But there is Fossil...

2020-01-06 Thread Constantine A. Murenin
The problem with Fossil is lack of a driving force.

GitHub is so successful because it is non-trivial to get Git working.  Now
that Git is a standard, there's a lot of copycats for GitHub itself,
because every developer knows Git.*

Fossil seems to be pretty easy to use all by itself, hence there's no
service similar to GitHub, because the added value would be considerably
smaller, plus you'll be going up against the giants like Git and GitHub; in
fact, Bitbucket has already abandoned Mercurial support recently, embracing
the monoculture of Git.

If anyone's more interested in Fossil, http://fossil-scm.org/ website
itself runs on Fossil (yes, it's self-hosted, and, yes, Fossil itself comes
with a CMS, as well as a bug-tracking system), but there's also
https://src.fossil.netbsd.org/ — the timeline interface is claimed to be
the best feature of Fossil, it provides great visual representation of
commits on all the branches as they happen; e.g.,
https://src.fossil.netbsd.org/timeline?n=50=2020-01-02+15:42:26 (in case
there's nothing on branches on this link, see http://archive.is/dmKxZ , or
http://web.archive.org/web/20200107001225/https://src.fossil.netbsd.org/timeline?n=50=2020-01-02+15:42:26
, which shows exactly which release branches were updated at what time and
in what order).  The other key difference of Fossil compared to Git is that
the whole history of work is permanent, not transient like in Git's branch
and squash-merge model, e.g., you don't just remove things (like branches)
from the repository that were there yesterday, like in Git, and unlike in
CVS or many other systems.

Does it mean OpenBSD and/or NetBSD should switch to Fossil?  No, that's not
what I said.

Cheers,
Constantine.  http://cm.su/


Re: dhcpd and unbound on a small LAN

2020-01-06 Thread Andrew Daugherity
On Mon, Jan 6, 2020 at 9:26 AM Sonic  wrote:
>
> You have it backwards, let dhcp use the information in unbound to
> assign the reserved address:
> ===
> host alice {
>   hardware ethernet 20:9e:02:f5:93:60;
>   fixed-address alice.home.lan;
>   option host-name "alice";
>   }
> ===
This is how I do it too, except simplified further by setting the
use-host-decl-names option at a higher scope (see dhcpd.conf(5)); then
you don't need "option host-name ..." for each host.

> Start unbound before dhcpd in your rc.conf.local (ex):
> ===
> unbound_flags="-c /var/unbound/etc/unbound.conf"
> dhcpd_flags="em0"
> ===
The order of directives in rc.conf.local does not matter, as the order
of base daemons is hardcoded in /etc/rc (and does indeed start unbound
before dhcpd); as a matter of fact, 'rcctl enable foo' will sort the
file! (I personally dislike this behavior, since it moves comment
lines away from the things they're commenting on, but I digress...)
The only order that does matter is words within the pkg_scripts
setting, which orders those relative to each other.

> Make sure your resolv.conf points to unbound so that your system can
> resolve the local dns names.
If your uplink interface is configured as DHCP, this will
need to be set in dhclient.conf, e.g. "supersede domain-name-servers
127.0.0.1".


-Andrew



Re: But there is Fossil...

2020-01-06 Thread Marc Espie
On Mon, Jan 06, 2020 at 09:34:55PM +0100, Anders Andersson wrote:
> One good thing with this trainwreck of a discussion is that it pointed
> me to GoT. I've been looking for an alternative to CVS on my Amiga,
> but git is too convoluted to even start trying to build on a
> mostly-C89-semi-POSIX system. GoT seems like a much nicer starting
> point.
> 
> 
Good luck with that. I'm not quite sure Matt Dillon's unix compatibility
goo is going to be enough to convince amigaos to build got.



Re: But there is Fossil...

2020-01-06 Thread Anders Andersson
On Mon, Jan 6, 2020 at 8:03 PM Stefan Sperling  wrote:
>
> On Mon, Jan 06, 2020 at 06:28:48PM +, go...@disroot.org wrote:
> > done reading that entire document, however, this is a topic about
> > OpenBSD choosing Git over Fossil, but the actual problem is
> > reimplementing Git (Game of Trees is a Git implementation just
> > like OpenGit) and that's ridiculous, however, having read
> > that PDF document I question: which of those problems are
> > present in Fossil, not Git? in presence of those problems,
> > why not wait for fix in Fossil instead of rushing to
> > reimplement Git? I always see the point in two things:
> > 1. using something existing
> > 2. innovating something new
> >
> > Game of Trees and OpenGit are not innovations, they are
> > implementations of existing innovation, if you've seen my
> > first message, I suggested option 1
>
> Look, if you don't like something why don't you just ignore it?
> Instead of wasting time by writing pointless messages which the
> many people on this list now have to delete from their inbox?
>
> The gameoftrees FAQ says:
> ""
> We don't need to hear your opinion that our project is pointless because
> Git is superior. Thank you!
> ""
> The same applies to Fossil or whatever else anyone thinks is superior.
>
> Why should I care about your opinion on what I should be working
> on in my spare time? It looks like you're just trying to annoy me.

One good thing with this trainwreck of a discussion is that it pointed
me to GoT. I've been looking for an alternative to CVS on my Amiga,
but git is too convoluted to even start trying to build on a
mostly-C89-semi-POSIX system. GoT seems like a much nicer starting
point.



Re: But there is Fossil...

2020-01-06 Thread Stefan Sperling
On Mon, Jan 06, 2020 at 06:28:48PM +, go...@disroot.org wrote:
> done reading that entire document, however, this is a topic about
> OpenBSD choosing Git over Fossil, but the actual problem is
> reimplementing Git (Game of Trees is a Git implementation just
> like OpenGit) and that's ridiculous, however, having read
> that PDF document I question: which of those problems are
> present in Fossil, not Git? in presence of those problems,
> why not wait for fix in Fossil instead of rushing to
> reimplement Git? I always see the point in two things:
> 1. using something existing
> 2. innovating something new
> 
> Game of Trees and OpenGit are not innovations, they are
> implementations of existing innovation, if you've seen my
> first message, I suggested option 1

Look, if you don't like something why don't you just ignore it?
Instead of wasting time by writing pointless messages which the
many people on this list now have to delete from their inbox?

The gameoftrees FAQ says:
""
We don't need to hear your opinion that our project is pointless because
Git is superior. Thank you!
""
The same applies to Fossil or whatever else anyone thinks is superior.

Why should I care about your opinion on what I should be working
on in my spare time? It looks like you're just trying to annoy me.



Re: But there is Fossil...

2020-01-06 Thread goleo
January 5, 2020 5:50 PM, "Diana Eichert"  wrote:

> On Sat, Jan 4, 2020 at 8:48 PM Theo de Raadt  wrote:
> 
>> 
> 
> SNIP
> 
>> wow this is going downhill. random solo-repo people telling us what to do
>> when Chuck Cranor and I started this whole export-the-repo model.
>> 
>> get some perspective dude, hopefully in the jungle.
> 
> It seems like a lot of people in this thread don't understand, a good
> read is http://chuck.cranor.org/p/anoncvs.pdf
> 
> It took me 10 seconds reading Chuck Cranor's web page to find it.
> 
> Not certain why there has been so much noise on misc@ lately.

done reading that entire document, however, this is a topic about
OpenBSD choosing Git over Fossil, but the actual problem is
reimplementing Git (Game of Trees is a Git implementation just
like OpenGit) and that's ridiculous, however, having read
that PDF document I question: which of those problems are
present in Fossil, not Git? in presence of those problems,
why not wait for fix in Fossil instead of rushing to
reimplement Git? I always see the point in two things:
1. using something existing
2. innovating something new

Game of Trees and OpenGit are not innovations, they are
implementations of existing innovation, if you've seen my
first message, I suggested option 1

there are OpenBSD innovations I really like: pf, doas, sndio



Re: dhcpd and unbound on a small LAN

2020-01-06 Thread Stuart Henderson
On 2020-01-06, Raymond, David  wrote:
> I found unbound hard to use so I went back to dnsmasq (a package on
> OpenBSD), which I had used previously on linux.  Trivial configuration
> and it works like a charm in providing DNS service for local and
> remote systems behind a NAT firewall. (It gets local information from
> the host file on the NAT machine.) Optionally, it will also provide
> dhcp service.  (Note that you have to set up a _dnsmasq user/group to
> keep rcctl happy.)

The _dnsmasq user/group are created automatically when you install the package.




Re: dhcpd and unbound on a small LAN

2020-01-06 Thread Steve Litt
On Mon, 6 Jan 2020 09:51:55 -0500
Sonic  wrote:

> On Mon, Jan 6, 2020 at 9:35 AM Steve Litt 
> wrote:
> > I need something like that for my situation. Two questions:
> >
> > 1) Does the preceding setup prevent anyone with a different mac
> > address from getting 192.168.0.68?  
> 
> Via dhcp, yes, it would. Unless they change their MAC address to
> match. They could also manually use the same IP address.
> 
> > 2) Is there a way I can set it up so ONLY specific mac addresses can
> > get a dhcp lease from my server?***  I'd like to keep the man on the
> > street from getting a lease: If I don't know the person and machine
> > ahead of time, I don't want them getting a lease.  
> 
> See the "range" statement for the dhcp subnet, with no range only
> known clients with reserved addresses will get IP addresses assigned.

Nice!

Between you and Paul, I now have all the info to do exactly what I
want. Thanks to both of you!

SteveT

Steve Litt 
December 2019 featured book: Rapid Learning for the 21st Century
http://www.troubleshooters.com/rl21



oops (was: unsubscription from misc@)

2020-01-06 Thread zeurkous
Fsck, me sleepy head typed 'isc' instead of the intended 'ajordomo'...

Suffice it to say that me had enough of the bickering for a while.

  --zeur.

-- 
Friggin' Machines!



Re: dhcpd and unbound on a small LAN

2020-01-06 Thread Paul de Weerd
On Mon, Jan 06, 2020 at 09:33:44AM -0500, Steve Litt wrote:
| On Mon, 06 Jan 2020 14:03:20 +0100
| "Boudewijn Dijkstra"  wrote:
| 
| 
| > Another way is to configure the DHCP server to give alice the same
| > address every time.
| > 
| > host alice {
| >  hardware ethernet 00:19:b9:e0:2f:de;
| >  fixed-address 192.168.0.68;
| > }
| 
| I need something like that for my situation. Two questions:
| 
| 1) Does the preceding setup prevent anyone with a different mac address
| from getting 192.168.0.68?

That specific snippet of DHCP configuration does not prevent dhcpd
from handing it out to other machines (with different macs).  It
depends on the rest of your configuration and on whether this machine
is currently alive with that address on your network.

If you have configured a range for dynamic allocation that covers the
assigned fixed-address, then that fixed-address may be assigned to
another machine.  This may result in problems for host alice when it
boots.  The easy solution is to not do that: don't have your
statically assigned addresses overlap with the dynamic range.

| 2) Is there a way I can set it up so ONLY specific mac addresses can
| get a dhcp lease from my server?***  I'd like to keep the man on the
| street from getting a lease: If I don't know the person and machine
| ahead of time, I don't want them getting a lease.

If you want to only allow specific MACs, then you'll need to specify
the MAC addresses in the configuration file, and assign each one an
address, so you'll need to pre-assign IPs to MACs.

| *** I presume one way is to set aside just enough IP addresses to cover
| known mac addresses. I was wondering if there's a way that involves
| less arithmetic.

Not sure what arithmetic you're referring to specifically: simply
enumerate all machines by MAC and give each one a static lease
('fixed-address') in your /etc/dhcpd.conf, much like the host 'alice'
in the sample Boudewijn showed you.  Leave out a dynamic 'range' for
unknown clients, and you're done.  This is what I have done in the
past on my private home network.

Cheers,

Paul 'WEiRD' de Weerd

-- 
>[<++>-]<+++.>+++[<-->-]<.>+++[<+
+++>-]<.>++[<>-]<+.--.[-]
 http://www.weirdnet.nl/ 



Re: dhcpd and unbound on a small LAN

2020-01-06 Thread Sonic
On Mon, Jan 6, 2020 at 9:35 AM Steve Litt  wrote:
> I need something like that for my situation. Two questions:
>
> 1) Does the preceding setup prevent anyone with a different mac address
> from getting 192.168.0.68?

Via dhcp, yes, it would. Unless they change their MAC address to match.
They could also manually use the same IP address.

> 2) Is there a way I can set it up so ONLY specific mac addresses can
> get a dhcp lease from my server?***  I'd like to keep the man on the
> street from getting a lease: If I don't know the person and machine
> ahead of time, I don't want them getting a lease.

See the "range" statement for the dhcp subnet, with no range only
known clients with reserved addresses will get IP addresses assigned.

Chris



Re: dhcpd and unbound on a small LAN

2020-01-06 Thread Sonic
On Mon, Jan 6, 2020 at 7:27 AM Anders Andersson  wrote:
> ...
> Every time information has to be entered twice there is room for error
> and inconsistencies, so preferably this list should be automatically
> generated from a simpler file, maybe /etc/hosts.

No need for dual entry or messing with the hosts file, unbound alone
is fine for resolving names.

> ...
> My second and more difficult issue is that I can't seem to find a way
> to feed information from the DHCP server into unbound, so that locally
> assigned hosts can be queried by their hostnames.

You have it backwards, let dhcp use the information in unbound to
assign the reserved address:
===
host alice {
  hardware ethernet 20:9e:02:f5:93:60;
  fixed-address alice.home.lan;
  option host-name "alice";
  }
===

Start unbound before dhcpd in your rc.conf.local (ex):
===
unbound_flags="-c /var/unbound/etc/unbound.conf"
dhcpd_flags="em0"
===

Make sure your resolv.conf points to unbound so that your system can
resolve the local dns names.

Chris



Re: openssl / did something change?

2020-01-06 Thread Dieter Rauschenberger
Try

openssl aes-256-cbc -d -a -salt -md md5 < encrypted-file.encrypted
                                ^^^^^^^
-Dieter

On Mon, Jan 06, 2020 at 02:17:20PM +, Roderick wrote:
> 
> I cannot decrypt files with
> 
> openssl aes-256-cbc -d -a -salt < encrypted-file.encrypted
> 
> That I encrypted with
> 
> openssl aes-256-cbc -e -a -salt < file > file.encrypted
> 
> I get the error:
> 
> bad decrypt
> 616640944:error:06FFF064:digital envelope routines:CRYPTO_internal:bad 
> decrypt:/usr/src/lib/libcrypto/evp/evp_enc.c:527:
> 
> And it is very improbable that I forgot the password.
> 
> What I do not remember is the version of openssl and if I used
> OpenBSD or FreeBSD for encrypting. At the moment I do not have access
> to the FreeBSD machine. I tried with a modern slax-linux (in USB Stick)
> and it failed also.
> 
> I thank you for any hint.
> 
> Rodrigo



Re: openssl / did something change?

2020-01-06 Thread Roderick


On Mon, 6 Jan 2020, Zé Loff wrote:

> Someone had the same issue some weeks ago.  See:
> https://marc.info/?l=openbsd-misc=157548338310097=2
> and the following discussion.  Solution: add -md md5

Thank you very much for the fast answer. I was a little in panic.

Rodrigo


Re: openssl / did something change?

2020-01-06 Thread Zé Loff
On Mon, Jan 06, 2020 at 02:17:20PM +, Roderick wrote:
> 
> I cannot decrypt files with
> 
> openssl aes-256-cbc -d -a -salt < encrypted-file.encrypted
> 
> That I encrypted with
> 
> openssl aes-256-cbc -e -a -salt < file > file.encrypted
> 
> I get the error:
> 
> bad decrypt
> 616640944:error:06FFF064:digital envelope routines:CRYPTO_internal:bad 
> decrypt:/usr/src/lib/libcrypto/evp/evp_enc.c:527:
> 
> And it is very improbable that I forgot the password.
> 
> What I do not remember is the version of openssl and if I used
> OpenBSD or FreeBSD for encrypting. At the moment I do not have access
> to the FreeBSD machine. I tried with a modern slax-linux (in USB Stick)
> and it failed also.
> 
> I thank you for any hint.
> 
> Rodrigo
> 

Someone had the same issue some weeks ago.  See:
https://marc.info/?l=openbsd-misc=157548338310097=2
and the following discussion.  Solution: add -md md5

-- 
 



Re: dhcpd and unbound on a small LAN

2020-01-06 Thread Steve Litt
On Mon, 06 Jan 2020 14:03:20 +0100
"Boudewijn Dijkstra"  wrote:


> Another way is to configure the DHCP server to give alice the same
> address every time.
> 
> host alice {
>  hardware ethernet 00:19:b9:e0:2f:de;
>  fixed-address 192.168.0.68;
> }

I need something like that for my situation. Two questions:

1) Does the preceding setup prevent anyone with a different mac address
from getting 192.168.0.68?

2) Is there a way I can set it up so ONLY specific mac addresses can
get a dhcp lease from my server?***  I'd like to keep the man on the
street from getting a lease: If I don't know the person and machine
ahead of time, I don't want them getting a lease.

*** I presume one way is to set aside just enough IP addresses to cover
known mac addresses. I was wondering if there's a way that involves
less arithmetic.

Thanks,

SteveT

Steve Litt 
December 2019 featured book: Rapid Learning for the 21st Century
http://www.troubleshooters.com/rl21



openssl / did something change?

2020-01-06 Thread Roderick


I cannot decrypt files with

openssl aes-256-cbc -d -a -salt < encrypted-file.encrypted

That I encrypted with

openssl aes-256-cbc -e -a -salt < file > file.encrypted

I get the error:

bad decrypt
616640944:error:06FFF064:digital envelope routines:CRYPTO_internal:bad 
decrypt:/usr/src/lib/libcrypto/evp/evp_enc.c:527:

And it is very improbable that I forgot the password.

What I do not remember is the version of openssl and if I used
OpenBSD or FreeBSD for encrypting. At the moment I do not have access
to the FreeBSD machine. I tried with a modern slax-linux (in USB Stick)
and it failed also.

I thank you for any hint.

Rodrigo



Re: dhcpd and unbound on a small LAN

2020-01-06 Thread Raymond, David
I found unbound hard to use so I went back to dnsmasq (a package on
OpenBSD), which I had used previously on linux.  Trivial configuration
and it works like a charm in providing DNS service for local and
remote systems behind a NAT firewall. (It gets local information from
the host file on the NAT machine.) Optionally, it will also provide
dhcp service.  (Note that you have to set up a _dnsmasq user/group to
keep rcctl happy.)

Dave Raymond

On 1/6/20, Anders Andersson  wrote:
> I'm in the process of replacing an aging OpenWRT device on my home LAN
> with an apu4d4 running OpenBSD as my personal router.
>
> I would like to use unbound as a caching DNS server for my local
> hosts, but I'm trying to figure out how to handle local hostnames. It
> seems like a common scenario but I can't find a solution that feels
> like the "right" way. I have two problems, one is trivial compared to
> the other.
>
>
> My first and very minor issue is that I would like to register my
> static hosts in a more convenient way than what's currently offered by
> unbound. From what I understand you would configure your local hosts
> something like this:
>
> local-zone: "home.lan." static
> local-data: "laptop.home.lan. IN A 10.0.0.2"
> local-data-ptr: "10.0.0.2  laptop.home.lan"
>
> Every time information has to be entered twice there is room for error
> and inconsistencies, so preferably this list should be automatically
> generated from a simpler file, maybe /etc/hosts. I can of course
> easily write such a script, but I'm wondering if there might be a
> standard, go-to way of doing this.
>
>
>
> My second and more difficult issue is that I can't seem to find a way
> to feed information from the DHCP server into unbound, so that locally
> assigned hosts can be queried by their hostnames. To clarify with an
> example:
>
> 1. I install a new system and in the installation procedure I name it
> "alice".
> 2. "alice" asks for and receives an IP number from my DHCP server.
> 3. Every other machine can now connect to "alice" by name, assuming
> that "alice" informed the DHCP server of its name when asking for an
> address.
>
> Currently this works because OpenWRT is using dnsmasq which is both a
> caching DNS server and a DHCP server, so the left hand knows what the
> right hand is doing. How can I solve this in OpenBSD base without
> jumping through hoops?
>
> Right now I'm considering something that monitors dhcpd.leases for
> changes and updates a running unbound using unbound-control(8) but I
> don't feel confident enough writing such a tool that does not miss a
> lot of corner cases and handle startup/shutdown gracefully. I'm also
> thinking that it can't be such an unusual use case, so someone surely
> must have written such a tool already. I just haven't found any in my
> search.
>
> Or am I doing this the wrong way? I've now read about things like mDNS
> and Zeroconf and Avahi and I'm just getting more and more confused.
> Ideas are welcome!
>
>


-- 
David J. Raymond
david.raym...@nmt.edu
http://physics.nmt.edu/~raymond



Re: dhcpd and unbound on a small LAN

2020-01-06 Thread Boudewijn Dijkstra
On Mon, 06 Jan 2020 13:24:50 +0100, Anders Andersson wrote:

> I'm in the process of replacing an aging OpenWRT device on my home LAN
> with an apu4d4 running OpenBSD as my personal router.
>
> I would like to use unbound as a caching DNS server for my local
> hosts, but I'm trying to figure out how to handle local hostnames. It
> seems like a common scenario but I can't find a solution that feels
> like the "right" way. I have two problems, one is trivial compared to
> the other.
>
>
> My first and very minor issue is that I would like to register my
> static hosts in a more convenient way than what's currently offered by
> unbound. From what I understand you would configure your local hosts
> something like this:
>
> local-zone: "home.lan." static
> local-data: "laptop.home.lan. IN A 10.0.0.2"
> local-data-ptr: "10.0.0.2  laptop.home.lan"
>
> Every time information has to be entered twice there is room for error
> and inconsistencies, so preferably this list should be automatically
> generated from a simpler file, maybe /etc/hosts. I can of course
> easily write such a script, but I'm wondering if there might be a
> standard, go-to way of doing this.
>
>
>
> My second and more difficult issue is that I can't seem to find a way
> to feed information from the DHCP server into unbound, so that locally
> assigned hosts can be queried by their hostnames. To clarify with an
> example:
>
> 1. I install a new system and in the installation procedure I name it
> "alice".
> 2. "alice" asks for and receives an IP number from my DHCP server.
> 3. Every other machine can now connect to "alice" by name, assuming
> that "alice" informed the DHCP server of its name when asking for an
> address.
>
> Currently this works because OpenWRT is using dnsmasq which is both a
> caching DNS server and a DHCP server, so the left hand knows what the
> right hand is doing. How can I solve this in OpenBSD base without
> jumping through hoops?
>
> Right now I'm considering something that monitors dhcpd.leases for
> changes and updates a running unbound using unbound-control(8) but I
> don't feel confident enough writing such a tool that does not miss a
> lot of corner cases and handle startup/shutdown gracefully. I'm also
> thinking that it can't be such an unusual use case, so someone surely
> must have written such a tool already. I just haven't found any in my
> search.
>
> Or am I doing this the wrong way? I've now read about things like mDNS
> and Zeroconf and Avahi and I'm just getting more and more confused.
> Ideas are welcome!


Another way is to configure the DHCP server to give alice the same address  
every time.


host alice {
hardware ethernet 00:19:b9:e0:2f:de;
fixed-address 192.168.0.68;
}


--
Made with Opera's e-mail program: http://www.opera.com/mail/
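The leases-monitoring tool Anders sketches above, as an added example that is not code from the thread or from OpenBSD: it parses dhcpd.leases (the last entry for an IP wins, expired or abandoned leases and leases without a hostname are dropped, client-supplied hostnames are reduced to safe DNS labels) and emits the unbound-control local_data commands to apply, as a diff against the previously published state. The leases file contents, the home.lan zone and the clock value are constructed.

```python
"""Turn the active leases in dhcpd.leases into unbound-control(8) commands
that publish them under a local zone, diffing against the previous state."""
import re
from datetime import datetime, timezone

ZONE = "home.lan"  # assumed local zone, as in the unbound config quoted above

# Constructed sample leases file: dhcpd appends, so a later entry for the same
# IP supersedes an earlier one. .201 is re-issued, .204 expired before SAMPLE_NOW.
SAMPLE_LEASES = """\
lease 192.168.0.201 {
    starts 1 2020/01/06 10:00:00 UTC;
    ends 1 2020/01/06 12:00:00 UTC;
    hardware ethernet 00:19:b9:e0:2f:de;
    client-hostname "alice";
}
lease 192.168.0.202 {
    starts 1 2020/01/06 10:05:00 UTC;
    ends 1 2020/01/06 22:05:00 UTC;
    hardware ethernet 20:9e:02:f5:93:60;
    client-hostname "Bob's Laptop";
}
lease 192.168.0.204 {
    starts 1 2020/01/06 02:00:00 UTC;
    ends 1 2020/01/06 14:00:00 UTC;
    hardware ethernet 00:11:22:33:44:66;
    client-hostname "carol";
}
lease 192.168.0.201 {
    starts 1 2020/01/06 12:30:00 UTC;
    ends 2 2020/01/07 00:30:00 UTC;
    hardware ethernet 00:19:b9:e0:2f:de;
    client-hostname "alice";
}
"""
SAMPLE_NOW = datetime(2020, 1, 6, 15, 0, tzinfo=timezone.utc)  # constructed clock

LEASE_RE = re.compile(r"lease\s+(\S+)\s*\{(.*?)\}", re.S)
ENDS_RE = re.compile(r"ends\s+\d+\s+(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2})")
HOST_RE = re.compile(r'client-hostname\s+"([^"]*)"')


def parse_leases(text):
    """Return {ip: {"ends": datetime|None, "hostname": str|None,
    "abandoned": bool}}, keeping only the last entry seen for each IP
    ("ends never;" yields None and is treated as not publishable)."""
    leases = {}
    for m in LEASE_RE.finditer(text):
        ip, body = m.group(1), m.group(2)
        ends = ENDS_RE.search(body)
        host = HOST_RE.search(body)
        leases[ip] = {
            "ends": (datetime.strptime(ends.group(1), "%Y/%m/%d %H:%M:%S")
                     .replace(tzinfo=timezone.utc) if ends else None),
            "hostname": host.group(1) if host else None,
            "abandoned": "abandoned;" in body,
        }
    return leases


def dns_label(hostname):
    """Reduce a client-supplied hostname (clients can send anything) to a
    lowercase letters/digits/hyphen label; None if nothing usable is left."""
    label = re.sub(r"[^a-z0-9-]+", "-", hostname.lower()).strip("-")[:63]
    return label or None


def active_names(leases, now):
    """Map label -> IP for unexpired, non-abandoned leases with a usable
    hostname; if two clients claim the same name, the lease ending last wins."""
    best = {}
    for ip, lease in leases.items():
        if lease["abandoned"] or not lease["ends"] or lease["ends"] <= now:
            continue
        label = dns_label(lease["hostname"] or "")
        if label and (label not in best or lease["ends"] > best[label][1]):
            best[label] = (ip, lease["ends"])
    return {label: ip for label, (ip, _) in best.items()}


def unbound_commands(previous, current, zone):
    """Diff two label->IP maps into unbound-control commands: remove names
    that vanished or changed, then add names that are new or changed."""
    cmds = []
    for label in sorted(set(previous) - set(current)):
        cmds.append(f"unbound-control local_data_remove {label}.{zone}.")
    for label, ip in sorted(current.items()):
        if previous.get(label) != ip:
            if label in previous:
                cmds.append(f"unbound-control local_data_remove {label}.{zone}.")
            cmds.append(f"unbound-control local_data {label}.{zone}. IN A {ip}")
    return cmds


if __name__ == "__main__":
    names = active_names(parse_leases(SAMPLE_LEASES), SAMPLE_NOW)
    for cmd in unbound_commands({}, names, ZONE):
        print(cmd)
```

A real monitor would re-read the file on change, keep the last published map across runs, and rerun the diff, which is exactly where the startup/shutdown handling Anders worries about lives.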



Re: Blank/black screen for 6.6 - any general debugging hints?

2020-01-06 Thread Boudewijn Dijkstra

On Mon, 30 Dec 2019 19:07:10 +0100, lu hu wrote:

> Hello,
>
> I was using 6.5 on a desktop PC.
>
> I did a sysupgrade, but after the blue boot text, I only get black/blank
> screen.
>
> I don't think it is just the screen, since I cannot reach it via network.
>
> I booted the 6.6 bsd.rd then did a clean install with 6.6. The same
> issue.


I had the same issue (I have yet to report it.)  Disabling amdgpu fixed it  
for me.



--
Made with Opera's e-mail program: http://www.opera.com/mail/



Re: sysupgrade fails

2020-01-06 Thread Christer Solskogen
On Mon, Jan 6, 2020 at 1:30 PM Christer Solskogen <
christer.solsko...@gmail.com> wrote:

>
> On Mon, Jan 6, 2020 at 12:27 PM Stuart Henderson 
> wrote:
>
>>
>> Are you able to ^Z at that point and run "mount"? (I can't remember if
>> sysupgrade lets you do this).
>>
>>
> I can.  My root disk is not mounted.
>
>
Sorry, something was wrong with my console, so it wasn't showing. But now
it does (that damn cable wasn't inserted properly)

hugs# mount
/dev/rd0a on / type ffs (local)
/dev/sd0a on /mnt type ffs (local, read-only)

I can unmount /mnt manually. No problem there.

Can you show your /etc/fstab?
>>
>
> 89100ad7b8b8d77a.b none swap sw
> 89100ad7b8b8d77a.a / ffs rw,wxallowed,softdep,noatime 1 1
>

Same problem without softdep, in case you were wondering.


Re: OpenBSD VM on ESXi: uvn_flush: obj=0xfffffd813ee78298, offset=0x33f000. error during pageout.

2020-01-06 Thread Stuart Henderson
On 2020-01-05, Jurjen Oskam  wrote:
> On Thu, Oct 31, 2019 at 08:01:25AM -, Stuart Henderson wrote:
>
>> On 2019-10-30, Jurjen Oskam  wrote:
>> >
>> > All snapshots I tried up to and including this point did not show the
>> > problem:
>> > OpenBSD 6.6-beta (GENERIC.MP) #202: Mon Aug 12 11:01:21 MDT 2019
>> >
>> > All snapshots I tried starting from this point show the problem:
>> > OpenBSD 6.6-beta (GENERIC.MP) #207: Tue Aug 13 11:32:34 MDT 2019
>> >
>> >
>> > Would it be helpful to start a binary search for the exact commit that
>> > introduced the problem?
>> 
>> Yes, definitely! We usually do this with date-based cvs updates.
>> 
>> > I've been looking at the commit history around
>> > that time but haven't been able to spot an obvious candidate; but that's
>> > probably because I'm not a programmer.
>> 
>> Sometimes diffs are tested in snapshots before they're committed,
>> so you might need to look beyond the snapshot dates to find the
>> commit.
>
> This took a while. I was not able to isolate a commit, but I did find
> the variable that can reliably trigger the problem. 
>
> It's a bit embarrassing to say that the trigger is a f*ckup at my end: in my
> template configuration for short-lived VMs, I accidentally configured /usr
> to be 1G. I'm aware this is too small, but I never noticed because it
> didn't seem to cause any problem for quite a few releases. I guess at
> some point the kernel grew a bit and then the problem started to occur
> during reorder_kernel.
>
> After configuring /usr to be created at 4G (and leaving everything else the
> same), the problem never occurred again.
>
> This does lead me to a question though. Is it expected that a (nearly) full
> filesystem can result in dmesg error messages such as these? (None of the
> filesystems on the system are mounted softdep)

I would not expect to see that from a full filesystem. I think it would
be worth sending a write-up (including full dmesg and disklabel) to
bugs@ as I would guess that people who might have a better idea what's
going on here aren't likely to read misc@ frequently.


> uvn_flush: obj=0xfd813ee78298, offset=0x33f.  error during pageout.
> uvn_flush: WARNING: changes to page may be lost!
> uvn_flush: obj=0x0, offset=0x33f.  error during pageout.
> uvn_flush: WARNING: changes to page may be lost!
> [ repeat last two lines many times ]
> uvn_flush: obj=0xfd813ee78298, offset=0x340.  error during pageout.
> uvn_flush: WARNING: changes to page may be lost!
> uvn_flush: obj=0x0, offset=0x340.  error during pageout.
> uvn_flush: WARNING: changes to page may be lost!
> [ repeat last two lines many times ]
>
> /dev/sd0a on / type ffs (local)
> /dev/sd0i on /home type ffs (local, nodev, nosuid)
> /dev/sd0d on /tmp type ffs (local, nodev, nosuid)
> /dev/sd0f on /usr type ffs (local, nodev)
> /dev/sd0g on /usr/X11R6 type ffs (local, nodev)
> /dev/sd0h on /usr/local type ffs (local, nodev, wxallowed)
> /dev/sd0e on /var type ffs (local, nodev, nosuid)
>
> Regards,
>
> Jurjen Oskam
>
>



Re: sysupgrade fails

2020-01-06 Thread Christer Solskogen
On Mon, Jan 6, 2020 at 12:27 PM Stuart Henderson 
wrote:

>
> Are you able to ^Z at that point and run "mount"? (I can't remember if
> sysupgrade lets you do this).
>
>
I can.  My root disk is not mounted.

Can you show your /etc/fstab?
>

89100ad7b8b8d77a.b none swap sw
89100ad7b8b8d77a.a / ffs rw,wxallowed,softdep,noatime 1 1


Re: LCP keepalive timeout for PPPOE

2020-01-06 Thread Stuart Henderson
On 2020-01-05, Tom Murphy  wrote:
> On 2020-01-03, jrmu  wrote:
>> inet 0.0.0.0 255.255.255.255 NONE \
>> pppoedev cpsw0 authproto pap \
>> authname '12345...@isp.net' authkey 'abcd1234' up
>> dest 0.0.0.1
>> #inet6 eui64
>> !/sbin/route add default -ifp pppoe0 0.0.0.1
>> #!/sbin/route add -inet6 default -ifp pppoe0 fe80::%pppoe0
>
> I had major problems with using 'dest' in hostname.pppoe0.
> I ended up having to do something like:
>
> inet 0.0.0.0 255.255.255.255 0.0.0.1 \
> pppoedev re0 authproto chap
> authname '' authkey ''
>
> etc..
>
> For whatever reason, using 'inet 0.0.0.0 255.255.255.255 NONE \
> dest 0.0.0.1' would use this ifconfig command:
>
> ifconfig pppoe0 inet 0.0.0.0 netmask 255.255.255.255  pppoedev re0 authproto chap

Yes, netstart processes hostname.if line-by-line and doesn't get to the "dest"
bit until it's already configured the address on the interface (thus bringing it
up automatically). It usually needs to be set earlier. Not sure if it's a race
with the ISP bringing up IPCP or something else but "dest" either doesn't work
reliably, or doesn't work at all.

> Whereas if you replaced the NONE with 0.0.0.1 and removed the 'dest 0.0.0.1'
> line, it would run:
>
> ifconfig pppoe0 inet 0.0.0.0 netmask 255.255.255.255 broadcast 0.0.0.1 pppoedev re0 authproto chap
>
> And that seemed to make my connection work. I'm not sure why, but it had to
> do something with my side not accepting the peer's IP.

This is what I have for v4+v6 with larger MTUs (which depends on
ISP and your equipment) - omit the mtu lines if not wanted ... 

hostname.pppoe0:

mtu 1500
inet 0.0.0.0 255.255.255.255 0.0.0.1 pppoedev em1 authproto chap authname "someuser@zen" authkey "somepass" up
inet6 eui64
inet6 autoconf -autoconfprivacy
!/sbin/route add default -ifp pppoe0 0.0.0.1
!/sbin/route add -inet6 default -ifp pppoe0 fe80::%pppoe0 -priority 8

hostname.em1:

mtu 1508
up




dhcpd and unbound on a small LAN

2020-01-06 Thread Anders Andersson
I'm in the process of replacing an aging OpenWRT device on my home LAN
with an apu4d4 running OpenBSD as my personal router.

I would like to use unbound as a caching DNS server for my local
hosts, but I'm trying to figure out how to handle local hostnames. It
seems like a common scenario but I can't find a solution that feels
like the "right" way. I have two problems, one is trivial compared to
the other.


My first and very minor issue is that I would like to register my
static hosts in a more convenient way than what's currently offered by
unbound. From what I understand you would configure your local hosts
something like this:

local-zone: "home.lan." static
local-data: "laptop.home.lan. IN A 10.0.0.2"
local-data-ptr: "10.0.0.2  laptop.home.lan"

Every time information has to be entered twice there is room for error
and inconsistencies, so preferably this list should be automatically
generated from a simpler file, maybe /etc/hosts. I can of course
easily write such a script, but I'm wondering if there might be a
standard, go-to way of doing this.



My second and more difficult issue is that I can't seem to find a way
to feed information from the DHCP server into unbound, so that locally
assigned hosts can be queried by their hostnames. To clarify with an
example:

1. I install a new system and in the installation procedure I name it "alice".
2. "alice" asks for and receives an IP number from my DHCP server.
3. Every other machine can now connect to "alice" by name, assuming
that "alice" informed the DHCP server of its name when asking for an
address.

Currently this works because OpenWRT is using dnsmasq which is both a
caching DNS server and a DHCP server, so the left hand knows what the
right hand is doing. How can I solve this in OpenBSD base without
jumping through hoops?

Right now I'm considering something that monitors dhcpd.leases for
changes and updates a running unbound using unbound-control(8) but I
don't feel confident enough writing such a tool that does not miss a
lot of corner cases and handle startup/shutdown gracefully. I'm also
thinking that it can't be such an unusual use case, so someone surely
must have written such a tool already. I just haven't found any in my
search.

Or am I doing this the wrong way? I've now read about things like mDNS
and Zeroconf and Avahi and I'm just getting more and more confused.
Ideas are welcome!
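An added example (not code from this thread) of the leases-to-unbound step described above: it parses dhcpd.leases records, keeps only a single sanitized DNS label per address so a client cannot publish arbitrary names through its DHCP hostname option, and emits the unbound-control(8) local_data and local_data_ptr commands. The zone name, LAN prefix and the leases text are constructed assumptions.

```python
import ipaddress
import re

ZONE = "home.lan"                              # assumed local zone name
LAN = ipaddress.ip_network("10.0.0.0/24")      # assumed LAN prefix
# A client may claim one DNS label only, so it cannot publish
# "www.example.com" or "gateway.home.lan" via its DHCP hostname option.
LABEL_RE = re.compile(r"^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$")
LEASE_RE = re.compile(r"lease\s+(\S+)\s*\{(.*?)\}", re.S)
NAME_RE = re.compile(r'client-hostname\s+"([^"]*)";')


def parse_leases(text, lan=LAN):
    """Map IP -> sanitized hostname. dhcpd appends records, so the last
    record for an address wins; a record with no usable name drops it."""
    hosts = {}
    for ip, body in LEASE_RE.findall(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            continue
        m = NAME_RE.search(body)
        name = m.group(1).strip().rstrip(".").lower() if m else ""
        if addr in lan and "abandoned;" not in body and LABEL_RE.match(name):
            hosts[ip] = name
        else:
            hosts.pop(ip, None)   # abandoned, off-LAN or untrusted: no entry
    return hosts


def unbound_commands(hosts, zone=ZONE):
    """One unbound-control(8) command per line: A record plus PTR."""
    cmds = []
    for ip, name in sorted(hosts.items()):
        fqdn = f"{name}.{zone}."
        cmds.append(f"local_data {fqdn} IN A {ip}")
        cmds.append(f"local_data_ptr {ip} {fqdn}")
    return cmds


# Constructed sample in the record format dhcpd(8) writes (not a real file).
SAMPLE_LEASES = """\
lease 10.0.0.50 { hardware ethernet 00:11:22:33:44:55; client-hostname "alice"; }
lease 10.0.0.51 { hardware ethernet 00:11:22:33:44:66; client-hostname "evil.example.com"; }
lease 10.0.0.50 { hardware ethernet 00:11:22:33:44:55; client-hostname "Alice-Laptop"; }
"""

for line in unbound_commands(parse_leases(SAMPLE_LEASES)):
    print(line)
```

The command strings are what a file watcher would hand to `unbound-control`, one per invocation; the host that claimed a dotted name and the stale first record for 10.0.0.50 both drop out.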



Iked site-to-site source ip is wrong

2020-01-06 Thread List
Hi *, 
I have the following setup: 

A: 

ikev2 '2router' active esp \
from A.A.A.A/32 to C.C.C.C/32 port 9001 \
local A.A.A.A peer 188.194.145.145 \
srcid a.home.arpa dstid b.home.arpa \
rsa \
config address 10.0.5.100

B: 

ikev2 '2router' passive esp \
from A.A.A.A/32 to C.C.C.C/32 \
peer A.A.A.A local 188.194.145.145 \
srcid b.home.arpa dstid a.home.arpa \
rsa \
config address 10.0.5.1 \
config protected-subnet C.C.C.C/32


A's pf.conf: 

match out on enc0 all nat-to 10.0.5.100


Whatever I do the packets that reach B have source address of A's public
interface and are not routed but dropped. The above config is just the
last variation. What am I doing wrong? 

I'd appreciate your help so much. 

Thanks a lot.

Best regards, 
Stephan



Re: sysupgrade fails

2020-01-06 Thread Stuart Henderson
On 2020-01-05, Christer Solskogen  wrote:
> Hi!
>
> On one (out of two!) of my APUs sysupgrade fails, and I'm having trouble
> understanding why.
> This is what happens:
>
> Available disks are: sd0.
> Which disk is the root disk? ('?' for details) [sd0] sd0
> Checking root filesystem (fsck -fp /dev/sd0a)... OK.
> Mounting root filesystem (mount -o ro /dev/sd0a /mnt)... OK.
> Force checking of clean non-root filesystems? [no] no
> umount: /mnt: Device busy
> Can't umount sd0a!
>
> This does not happen if I run the upgrade manually by downloading a newer
> bsd.rd and boot that.
> This is an APU2c4 - My APU1 does not have this problem.
>

Are you able to ^Z at that point and run "mount"? (I can't remember if
sysupgrade lets you do this).

Can you show your /etc/fstab?



Re: Automated OS builds?

2020-01-06 Thread Stuart Henderson
On 2020-01-05, Marc Espie  wrote:
> On Sun, Jan 05, 2020 at 06:08:55PM +, Paul Suh wrote:
>> On Jan 5, 2020, at 12:43 PM, Morten Gade Liebach  wrote:
>> > 
>> > Read release(8), then write a script that runs through the described process.
>> 
>> I can do that, and will if I have to, but if someone has already done it or 
>> has a base to start from that would be better. (I’ve been building OpenBSD 
>> releases that way since 3.2? 3.3? Something like that.) 
>
> There are so many specifics to how each person configures his system and 
> curates his local changes,
> it's hard to give a "one size fits all".

Exactly. But don't bother trying to look for changes before deciding to
update the source tree from the repo - just do the 'cvs up' and check
the output to see if anything changed.
>